
NINJIO: Cybercriminals Are Targeting Legal Sector

New report from human risk management leader NINJIO exposes the evolving threat landscape in the legal sector, and what firms must do to defend themselves.

Cybercriminals are waging a relentless assault on the legal sector, and many law firms are dangerously unprepared, according to a new report from cybersecurity awareness training and human risk management company NINJIO. Titled “Law and Disorder: How Cybercriminals Are Attacking the Legal Sector and What Can Be Done to Stop Them,” the NINJIO report reveals how cybercriminals are exploiting legal professionals, associations, and third parties, and how they often use Artificial Intelligence (AI)-powered social engineering and phishing tactics.

The legal industry’s access to sensitive data—including intellectual property, M&A details, and client communications—makes it a prime target. The report details recent breaches at top-tier firms like Orrick and Gunster and exposes how hackers infiltrate the legal ecosystem through third-party vulnerabilities, malware disguised as legal documents, and business email compromise (BEC) schemes.

“Law firms aren’t isolated fortresses, they’re connected hubs of valuable information,” says Matt Lindley, Chief Innovation and Information Security Officer at NINJIO. “That makes the legal supply chain an attractive target. As AI-powered phishing becomes more sophisticated, security strategies must evolve fast.”

Joshua Ray, Founder of cybersecurity firm Blackwire Labs and a former US Department of Defence cybersecurity expert, adds: “Law firms are now high-value nodes in broader threat campaigns. Attackers are no longer opportunistic—they’re launching targeted, multimillion-dollar operations that exploit specific legal industry vulnerabilities.”

Key Findings of NINJIO Study

  • 29% of law firms experienced a breach in 2023, and 60% of large firms did not know if they had.
  • Artificial Intelligence is revolutionising social engineering, allowing attackers to impersonate clients, courts, and regulators with near-perfect legal language.
  • Third-party breaches are surging, with supply chain attacks up 68% from 2023 to 2024.
  • Cybercriminals are using malware platforms to trick lawyers into downloading fake legal documents.

Lindley asserts: “Traditional defences are no longer enough. Law firms must take the human element seriously. In the AI era, training that mirrors real-world attack scenarios isn’t just helpful—it’s essential.”

NINJIO’s Call to Action

To defend against this rapidly evolving threat landscape, the company urges legal organisations to:

  • Conduct continuous cybersecurity risk assessments and third-party audits.
  • Build a robust incident response plan (only one-third of law firms have one).
  • Deploy relevant, personalised, and engaging cybersecurity awareness training across all roles, from senior partners to support staff.

Download the Full Report by visiting NINJIO’s website.

 

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.
